Security specialists have warned that a high number of companies around the world are embracing the Internet of Things (IoT) without fully understand the risk IoT devices, putting their customers’ data in great danger.

“From a security perspective, the world is simply not ready for IoT,” said Rob Sadowski, director of market insight and technology solutions at RSA – the security arm of EMC.

Increasing danger

“It’s just another thing that’s absolutely continuing to expand what we call the attack surface. It’s just another place where an attacker can find a vulnerability or can find a foothold an get in. It’s expanding the number of things that we need to defend or at least understand from a policy perspective.”

Speaking at EMC World in Las Vegas this week, Sadowski said there are a few important questions companies need to ask themselves if they are to utilise IoT devices securely.

Do you know what devices are on your network? Do you know who should have access to those devices? And what can those devices actually do? Can you make sure that those devices are deployed securely and maintained in a secure operating fashion?

“A lot of that has to do with patching and vulnerability management,” he explained. “Some of it has to do with the infrastructure that’s around the devices and how often that changes. That’s all fairly basic hygiene, blocking and tackling-type stuff. But given the scale of the amount of things that might show up on someone’s network in the future, that’s a big problem. Just look at the challenges that exist today.

Sadowski believes that there are plenty of companies working in the energy and chemicals sectors that are great examples of how not to embrace IoT.

“These are companies that have industrial controls that are automated. Security on their networks tends to not be very good and it’s security through obscurity in a lot of cases. There’s an assumption that devices have been deployed securely and that companies know who has access to them and what they’re doing with them. But when you go into many organisation they can’t actually answer those very fundamental questions.”

Jeff Carpenter, principal product marketing manager, RSA, agreed that the world is far from prepared for IoT, and is adamant that IoT frameworks must be urgently put in place.

He said: “We already have tens of thousands of manufacturers creating these devices and very few of them are security aware, security optimised or have anything to do with security.

“I’ve even seen security products out there for IoT that have very low security, so go figure. I think what we need is a framework so that you can class IoT devices by certain classifications. For example, a motion detector or a SIM chip that goes with your refrigerator. The framework would create a class of those ‘things’. Then you can manage security by class versus trying to have to manage and address policies for every device on your network.”

However, like many other innovations that are happening in IT, IoT adoption is not something that can be stopped, Sadowski said.

“There’s just so much potential for productivity benefits, cost benefits etc. But people working in security and risk have to get their heads around what the influx of connected devices is going to mean for the security of their company.”

Are you an IoT expert? Take our quiz to find out!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

View Comments

  • A framework to classify IoT devices is an excellent idea for the reasons mentioned. The problem with all information technology is that many of the decision makers in many organisations do not have sufficient technical knowledge, and don't fully understand the impact of their technology decisions. Deployment of technology based on perceived efficiencies often has a far greater financial cost in the long term due to the complexity and security vulnerabilities introduced. The perceived benefit of IoT within organisations is only going to exacerbate the problem.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago